Interested to Buy Any Domain ? << Click Here >> for more details...
An IS auditor doing penetration testing during an audit of
Internet connections would:
A. evaluate configurations.
B. examine security settings.
C. ensure virus-scanning software is in use.
D. use tools and techniques that are available to a hacker.
- 1 Answers
- 5455 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: D
Penetration testing is a technique used to mimic an
experienced hacker attacking a live site by using tools and
techniques available to a hacker. The other choices are
procedures that an IS auditor would consider undertaking
during an audit of Internet connections, but are not aspects
of penetration testing techniques.
| Is This Answer Correct ? | 9 Yes | 0 No |
Software maintainability BEST relates to which of the following software attributes? A. Resources needed to make specified modifications. B. Effort needed to use the system application. C. Relationship between software performance and the resources needed. D. Fulfillment of user needs.
IS management has recently informed the IS auditor of its decision to disable certain referential integrity controls in the payroll system to provide users with a faster report generator. This will MOST likely increase the risk of: A. data entry by unauthorized users. B. a nonexistent employee being paid. C. an employee receiving an unauthorized raise. D. duplicate data entry by authorized users.
Which of the following LAN physical layouts is subject to total loss if one device fails? A. Star B. Bus C. Ring D. Completely connected
Web and e-mail filtering tools are PRIMARILY valuable to an organization because they: A. Safeguard the organization’s image. B. Maximize employee performance. C. Protect the organization from viruses and nonbusiness materials. D. Assist the organization in preventing legal issues.
During an audit of the tape management system at a data center, an IS auditor discovered that parameters are set to bypass or ignore the labels written on tape header records. The IS auditor also determined that effective staging and job setup procedures were in place. In this situation, the IS auditor should conclude that the: A. tape headers should be manually logged and checked by the operators. B. staging and job setup procedures are not appropriate compensating controls. C. staging and job setup procedures compensate for the tape label control weakness. D. tape management system parameters must be set to check all labels.
Which of the following is the MOST likely reason why e-mail systems have become a useful source of evidence for litigation? A. Multiple cycles of backup files remain available. B. Access controls establish accountability for e-mail activity. C. Data classification regulates what information should be communicated via e-mail. D. Within the enterprise, a clear policy for using e-mail ensures that evidence is available.
When reviewing a system development project an IS auditor would be PRIMARILY concerned with whether: A. business objectives are achieved. B. security and control procedures are adequate. C. the system utilizes the strategic technical infrastructure. D. development will comply with the approved quality management processes
The PRIMARY reason for replacing checks (cheques) with EFT systems in the accounts payable area is to: A. make the payment process more efficient. B. comply with international EFT banking standards. C. decrease the number of paper-based payment forms. D. reduce the risk of unauthorized changes to payment transactions.
While reviewing the business continuity plan of an organization, the IS auditor observed that the organization's data and software files are backed up on a periodic basis. Which characteristic of an effective plan does this demonstrate? A. Deterrence B. Mitigation C. Recovery D. Response
If a database is restored using before-image dumps, where should the process be restarted following an interruption? A. Before the last transaction B. After the last transaction C. The first transaction after the latest checkpoint D. The last transaction before the latest checkpoint
A TCP/IP-based environment is exposed to the Internet. Which of the following BEST ensures that complete encryption and authentication protocols exist for protecting information while transmitted? A. Work is completed in tunnel mode with IP security using the nested services of authentication header (AH) and encapsulating security payload (ESP). B. A digital signature with RSA has been implemented. C. Digital certificates with RSA are being used. D. Work is being completed in.TCP services.
An IS auditor discovers that an organization?s business continuity plan provides for an alternate processing site that will accommodate fifty percent of the primary processing capability. Based on this, which of the following actions should the IS auditor take? A. Do nothing, because generally, less than twenty-five percent of all processing is critical to an organization?s survival and the backup capacity, therefore is adequate. B. Identify applications that could be processed at the alternate site and develop manual procedures to backup other processing. C. Ensure that critical applications have been identified and that the alternate site could process all such applications. D. Recommend that the information processing facility arrange for an alternate processing site with the capacity to handle at least seventy-five percent of normal processing.
Cisco Certifications 
